Replacing RSA keys and adding support for ed25519 by default (!62) · Merge requests · GitLab.org / Ops Sub-Department / custom-executor-drivers / AWS Fargate driver for Custom Executor · GitLab

Brian Williams requested to merge bwill/fargate:support-ed25519-keys-by-default into master Apr 10, 2022

What does this MR do?

Replaces RSA keys with ED25519 keys as the default private/public key pairs used between the Runner and the Fargate instances.
Note: Bumps minimum Go Version to 1.15 due to some ED25519 API's used. I don't control the CI pipelines on this project so the CI/CD images might need to get updated to Golang 1.15.

Why was this MR needed?

Currently RSA keys take a long time to generate, this MR makes key generation noticeably faster.
ED25519 has become the standard on "modern" SSH Key Generation tasks, and it's even the default recommendation on the Gitlab Docs.
- Historical Note: OpenSSH 6.5 introduced ED25519 SSH keys in 2014.
Using ed25519 allows recent alpine containers with OpenSSH >= 8.8 to work due to the issues reported in #50 (comment 803947236)

What's the best way to test this MR?

Regular instructions in https://docs.gitlab.com/runner/configuration/runner_autoscale_aws_fargate/ still apply. Everything works functionaly the same except a new key algorithms is being used under the hood.
Tested on my own ECS cluster on Alpine 3.15 based images and Debian Bullseye based images.
CI Images likely need to be updated to at least Go v1.15

What are the relevant issue numbers?

#50 (closed)

Edited May 26, 2022 by Brian Williams